Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.

RedLock’s Cloud Security Intelligence team was the first one that noticed the supposed intrusion last month already when trying to reveal which organization left credentials for an Amazon Web Services (AWS)[3] account readable to the public. A close investigation revealed that AWS’s owner is Tesla. Soon after that, CSI revealed the Tesla’s account hack and reported the vulnerability.

Criminals hide themselves under Cloudflare IP address

Security experts point out to the fact that hackers managed to evade immediate detection by concealing the footprints by the IP address hosted by well-known security firm Cloudflare. Thy cryptocurrency mining software has also been configured in a non-standard way. The used a non-standard port for establishing an Internet connection and connected to semi-public mining pools. The CPU consumption[4] typical of cryptomining software has been reduced intentionally to evade easy detection and shutdown.

The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.

Tesla immunized the vulnerability quickly and appointed a 3 000 USD reward to RedLock’s researchers.

The pursuit of digital currencies leverages

Cryptocurrency mining is an old approach used for getting Bitcoin,[5] Monero or another cryptocurrency coins. Although the mining process is not illegal, hackers exploit systems’ vulnerability, inject mining software and stealthily misuse CPU and GPU power to mine cryptocurrency.

Earlier this money extortion method was not that popular, so hackers were able to connect thousands of PCs into mining pool and get the considerable amount of virtual coins. Technology improvements nowadays pose many difficulties for hackers urging them to be more creative.

Based on the current strategies used, Amazon Web Service (AWS) is expected to be one of the most significant targets for hackers in 2018. Cybersecurity experts warn that AWS S3 buckets are at extreme danger of being exploited for malware distribution. The publicly-readable and publicly-writeable S3 servers might be stolen and further used for ransomware attacks of cryptocurrency mining.

About the author

Jake Doevan
- Computer technology expert

Jake Doevan is one of News Editors for 2-spyware.com. He graduated from the Washington and Jefferson College , Communication and Journalism studies.